package com.bdqn.t330.ch09.shiro;


import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    @Bean
    public MyShiroRealm myShiroRealm() { //自定义 Realm
        MyShiroRealm shiroRealm = new MyShiroRealm();
        return shiroRealm;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() { //安全管理器 SecurityManager
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //注入 Realm
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    //看不懂，暂时先不管
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactory(SecurityManager securityManager) {//Shiro 过滤器：权限验证
        ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
        //注入 SecurityManager
        shiroFilterFactory.setSecurityManager(securityManager);
        //权限验证：使用 Filter 控制资源(URL)的访问
        //本次课暂不设置过滤器进行权限验证，下章再学习
        return shiroFilterFactory;
    }
}
